Security Group Bypass Vulnerability in OpenStack Compute by OpenStack
CVE-2012-2654
Currently unrated
Summary
The EC2 and OS APIs in the Folsom, Essex, and Diablo releases of OpenStack Compute (Nova) do not properly validate the network protocol when security groups are created. As a result, remote attackers can bypass access restrictions by specifying a protocol that is not entirely lowercase, potentially exposing sensitive resources and leading to unauthorized access.
References
Timeline
Vulnerability published
Vulnerability Reserved